go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHashicorp Go Getter
APPHashicorp2.0.2≤ 1.5.11
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-3817CRITICAL9.8PL ✓ten sam produkt
HashiCorp go-getter: argument injection przy odkrywaniu zdalnych gałęzi Git
CVE-2025-8959HIGH7.5ten sam produkt
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauth...
CVE-2024-6257HIGH8.4ten sam produkt
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git...
CVE-2022-30321HIGH8.6ten sam produkt
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processin...
CVE-2022-30322HIGH8.6ten sam produkt
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTT...